Curious About Spam Technique

Skeptical Greg

I'm just curious why a spammer goes to a lot of trouble.

I get tons (5 - 10 a day) from senders that look like this:

j9u3xl5hnwiq@cerdaline.info

They are for various consumer products, insurance, home improvement and the like.

The gibberish before the @ is always different, so it's pointless to just block the sender. I've tried to filter for the "cerdaline.info" but my spam filter doesn't seem to be managing that for some reason.

I'm not trying to get advice about a better spam filter, or ditching my e-mail provider.

I'm just curious for the sake of conversation, how a spammer manages to do this and why they go to the trouble.
 
Sending emails is basically free and just the odd response is basically free money. Low probability of individual successes but multiplied by the number of emails sent.
Send out a million spams and get one response. Success!

@ Greg. You could try blocking all emails from the .info domain. No one sensible really uses that. I'm getting a lot right now from .my, if anyone from Malaysia wants to contact me they should phone. ;)
 
I'm just curious why a spammer goes to a lot of trouble.

I get tons (5 - 10 a day) from senders that look like this:

j9u3xl5hnwiq@cerdaline.info

They are for various consumer products, insurance, home improvement and the like.

The gibberish before the @ is always different, so it's pointless to just block the sender. I've tried to filter for the "cerdaline.info" but my spam filter doesn't seem to be managing that for some reason.

I'm not trying to get advice about a better spam filter, or ditching my e-mail provider.

I'm just curious for the sake of conversation, how a spammer manages to do this and why they go to the trouble.
It's no trouble. Creating the email addresses and sending the emails is automated. It'd take me 20 minutes to bang out a simple script that could do this indefinitely.
 
Hard to advise without knowing how you read email but the sender's actual email address might be something different from what is displayed - yes I know that's very vague. For instance on mail.google.com you can "open in new window", click the "3 dots" more button and select "show original" to show various headers in a popup.
 
A couple days ago I got what I think is a phishing attempt claiming to be from xFinity/Comcast (cable company). I almost bit, but I noticed the links looked a bit wonky (something like "xFinity_xd"). Just because it says "xfinity" in the email address doesn't mean it's from them. More suspicious because it came to a side account only, and said I'd lose access after today (when I had no prior warnings.)
Always check those links and don't follow up on anything that has a weird TinyUrl link.
 
Also check your browser's address bar - most have a button of some sorts that will tell you if the site is verified and by who. This will help catch addresses that look valid but have, say, a Cyrillic character replacing a character in a url.
 
Once in awhile I won't get an email I expected to and check my spam folder and can't believe all the ridiculous BS in there. It's all or very nearly all very obvious spam, with very obvious fake or even nonsensical email addresses, titles, etc...my favorite is when they can't spell to save their life and/or put all kinds of cutesy little graphics in the title line. Do they think real businesses do that? Seems to me that if they put half the effort into finding/working at a real job they would probably make a lot more money.
 
Once in awhile I won't get an email I expected to and check my spam folder and can't believe all the ridiculous BS in there. It's all or very nearly all very obvious spam, with very obvious fake or even nonsensical email addresses, titles, etc...my favorite is when they can't spell to save their life and/or put all kinds of cutesy little graphics in the title line. Do they think real businesses do that? Seems to me that if they put half the effort into finding/working at a real job they would probably make a lot more money.
Consider US literacy statistics.
 
I get that, but it's extremely rare for me to get a legit business/retail/etc email with such errors...you'd think they'd put a little effort into trying to look legit. Isn't that the point? It's almost like they're trying to do the opposite.
 
Once in awhile I won't get an email I expected to and check my spam folder and can't believe all the ridiculous BS in there. It's all or very nearly all very obvious spam, with very obvious fake or even nonsensical email addresses, titles, etc...my favorite is when they can't spell to save their life and/or put all kinds of cutesy little graphics in the title line. Do they think real businesses do that? Seems to me that if they put half the effort into finding/working at a real job they would probably make a lot more money.
I believe that this is a deliberate tactic.

They don't want to deal with people who realise that they're being scammed half way through an expensive setup.

So, they make obvious errors that will put off anyone except those labouring under serious mental deficiencies...

(Dementia, developmental disorder, acquired brain injury etc.)

In other words, they are scum and need to die in a fire.
 
I get that, but it's extremely rare for me to get a legit business/retail/etc email with such errors...you'd think they'd put a little effort into trying to look legit. Isn't that the point? It's almost like they're trying to do the opposite.
They're trying to filter out critical thinkers who pay attention to such details. They don't want to waste time on marks that will see through the scam.
 
It's no trouble. Creating the email addresses and sending the emails is automated. It'd take me 20 minutes to bang out a simple script that could do this indefinitely.
Yes and no. You could try but you would probably find yourself blacklisted fairly quickly. If you're using your normal ISP to send the emails, it wouldn't be long before they will be having words with you. If you set up your own MTA, it'll get blacklisted pretty quickly.

However, the people who do this are well aware of the hoops and have strategies to get around them that do not cost much money relative to the return.
 
Yes and no. You could try but you would probably find yourself blacklisted fairly quickly.
I'm saying it's no trouble to generate the emails and the arbitrary email "from" addresses to go with them. Sending them in bulk without getting caught is a separate problem. You made it sound like just creating random bogus "from" addresses was troublesome - perhaps even more trouble than it's worth to scammers. I'm saying that part is no trouble at all.

If you're using your normal ISP to send the emails, it wouldn't be long before they will be having words with you. If you set up your own MTA, it'll get blacklisted pretty quickly.

However, the people who do this are well aware of the hoops and have strategies to get around them that do not cost much money relative to the return.
Exactly.
 
The vast majority are very obviously fake/ scams.

The most well done one I've seen was a scam email that is spoofed to look like it comes from your own account, with your email address and your avatar/icon picture, claiming to have gained access to your account and computer, threatening to release personal info or porn viewing history, or webcam footage they've secretly recorded if you don't give them crypto or something along those lines.

As others have mentioned I know you can usually click on the ... or whatever to see the actual email address of the sender and is an easy way to see it's a fake. But if I recall correctly, they managed to fake that too so it still looked like it came from my address.

Fortunately them threatening to send a webcam recording when I don't even have a webcam gave it away. I was still concerned that someone could have gained access to my account but some googling said it was possible for scammers to do this and make it really look like it comes from your own account including the avatar/ icon. So I ignored it.

They sent a few such emails over the course of a week and I haven't seen it again since then and it's been a year or two. I have seen emails from the more obvious scammers with addresses like the ones mentioned by others in this thread that had basically the same body message as the ones that faked my address.
 
I'm saying it's no trouble to generate the emails and the arbitrary email "from" addresses to go with them. Sending them in bulk without getting caught is a separate problem. You made it sound like just creating random bogus "from" addresses was troublesome - perhaps even more trouble than it's worth to scammers. I'm saying that part is no trouble at all.


Exactly.

And of course if your email server is in a country that doesn't care about little things like spam and scams so long as the bill gets paid, you're golden.
 
And of course if your email server is in a country that doesn't care about little things like spam and scams so long as the bill gets paid, you're golden.
Not quite golden. Misbehaving mail servers get added to widely-used blocklists. The company or country hosting your mail server could be absolutely sanguine about your shenanigans, and you still won't get anywhere because nobody else is accepting or forwarding your messages.

I think nowadays the trick is to find email servers wherever you can, and run them until someone notices and blacklists them. I wouldn't be surprised if email spammers are big buyers of botnets for sale on the dark web.
 
Not quite golden. Misbehaving mail servers get added to widely-used blocklists. The company or country hosting your mail server could be absolutely sanguine about your shenanigans, and you still won't get anywhere because nobody else is accepting or forwarding your messages.

I think nowadays the trick is to find email servers wherever you can, and run them until someone notices and blacklists them. I wouldn't be surprised if email spammers are big buyers of botnets for sale on the dark web.

True, and I should have remembered this since one of the first IT 'puzzles' I solved (while I was still an accountant, before I moved across) was a mail server that suddenly started rejecting everything. Turned out it was pointing to a blacklist server that was no longer maintained and the providers had decided that the best way to make sure anyone still trying to use it updated to a new one was to set literally everyone in the entire world as spam.
 
Not quite golden. Misbehaving mail servers get added to widely-used blocklists. The company or country hosting your mail server could be absolutely sanguine about your shenanigans, and you still won't get anywhere because nobody else is accepting or forwarding your messages.

I think nowadays the trick is to find email servers wherever you can, and run them until someone notices and blacklists them. I wouldn't be surprised if email spammers are big buyers of botnets for sale on the dark web.
A few years back now I got a bizarre email from a friend. Random text that it turned out was pulled from files on his PC. The attachment tried to install a simple SMTP agent that (IIRC) pulled email addresses from webpages you browsed and forwarded copies of itself.
 
I'm saying it's no trouble to generate the emails and the arbitrary email "from" addresses to go with them. Sending them in bulk without getting caught is a separate problem. You made it sound like just creating random bogus "from" addresses was troublesome - perhaps even more trouble than it's worth to scammers. I'm saying that part is no trouble at all.
Agreed. I should clarify that that was the "yes" part of the "yes and no" that started my previous answer.

To expand further, there are several "from" addresses associated with an email. When you submit a mail to a mail transfer agent (MTA) or mail submission agent (MSA) you provide a sender address and a recipient address (or a list of recipient addresses). The sender address can be a little bit hard to fake in that the MSA/MTA may check it to ensure it is legitimate and may even require authentication. However, the "from" address that you see in your email client is not this, it's merely a header in the email text itself. This is ridiculously easy to forge, and, as far as I am aware, is never checked for legitimacy at all.
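
Added example, not part of the thread: a Python sketch of the check a recipient can run on the raw message from "show original", comparing the displayed From header with the envelope sender recorded in Return-Path and reading the receiving server's Authentication-Results verdicts. The sample message, its domains and the function names are constructed for illustration, and the domain comparison is a simplified stand-in for real DMARC alignment.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample of a message spoofing the recipient's own address.
RAW = """\
Return-Path: <bounce-7731@mailer.example.net>
Authentication-Results: mx.example.org;
 spf=pass smtp.mailfrom=mailer.example.net;
 dkim=none;
 dmarc=fail header.from=example.com
From: "Your Account" <you@example.com>
To: you@example.com
Subject: I have access to your account

(body omitted)
"""

def domain_of(header_value):
    """Lowercased domain of the address in a header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def aligned(a, b):
    """Simplified alignment: same domain, or one is a subdomain of the other."""
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))

def auth_verdicts(msg):
    """spf/dkim/dmarc results the receiving server wrote into the headers."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I):
            verdicts.setdefault(method.lower(), result.lower())
    return verdicts

def check_sender(raw):
    msg = message_from_string(raw)
    header_from = domain_of(msg["From"])          # what the mail client displays
    envelope_from = domain_of(msg["Return-Path"])  # what the MTA was told
    verdicts = auth_verdicts(msg)
    ok = aligned(header_from, envelope_from)
    return {
        "header_from": header_from,
        "envelope_from": envelope_from,
        "aligned": ok,
        "verdicts": verdicts,
        "suspicious": (not ok) or verdicts.get("dmarc") == "fail",
    }

if __name__ == "__main__":
    print(check_sender(RAW))
```

Note that SPF passes in the sample because it only vouches for the envelope domain; the mismatch with the displayed From domain is what the comparison surfaces.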
 
